<?php   
	include('db.php');
	$tbl_name="Users"; // Table name **needs to be edited with the name of the table containing our usernames and passwords

	// Connect to server and select databse.
	mysql_connect($HOST, $USER, $PASS)or die("cannot connect");
	mysql_select_db("$DB")or die("cannot select DB");
	
	// Define $myusername
	$myusername=$_POST['login'];
	$answer=$_POST['answer'];

	// To protect MySQL injection (more detail about MySQL injection)
	$myusername = stripslashes($myusername);
	$myusername = mysql_real_escape_string($myusername);
	$sql="SELECT answer FROM $tbl_name WHERE login='$myusername'";
	$result=mysql_query($sql);
	$expectedAnswer = $result ? mysql_result( $result, 0 ) : mysql_error() ; 
	if ("$expectedAnswer" == "$answer") {
		echo 'Your request has been submitted.';
		mysql_query("INSERT INTO Password_Requests VALUES('$myusername')");
	}
	else {echo '<p>Your answer is incorrect!</p>';}
?>
